Canadian coppers have admitted that they is spying on mobile phones throughout Canada because they are worried about illegal monitoring by criminals and foreign spies.
The RCMP held the briefing in the wake of a CBC News investigation that found evidence that devices known as IMSI catchers may be in use near government buildings in Ottawa for the purpose of illegal spying.
After hiding their own use of the technology in secrecy for years, the RCMP spoke out about the devices — also known as Stingrays or Mobile Device Identifiers (MDIs).
The RCMP says that MDIs – of which it owns 10 – have become “vital tools” deployed scores of times to identify and track mobile devices in 19 criminal investigations last year and another 24 in 2015.
RCMP Chief Supt. Jeff Adam said that in all cases but one in 2016, police got warrants. The one exception was an exigent circumstance — in other words, an emergency scenario “such as a kidnapping”.
Adam’s office tracks every instance where an MDI has been used by the RCMP. He says using an MDI requires senior police approval as well as getting a judge’s order.
And he says the technology provides only a first step in an investigation allowing officers to identify a device. He says only then can police apply for additional warrants to obtain a user’s “basic subscriber information” such as name and address connected to the phone.
Then, he says, only if the phone and suspect are targets of the investigation can police seek additional warrants to track the device or conduct a wiretap to capture communications. Adam says the RCMP currently has 24 technicians trained and authorized to deploy the devices across Canada. He knows other police forces own and use them too, but declined to name them.
The first cracker to use the untraceable Heartbleed bug to steal data from the Canadian taxman has had his collar fingered by the Mounties.
Inspector Knacker of the London Yard arrested a 19-year-old man and charged him in connection with the attack.
The Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised because of an attack on its site.
Stephen Solis-Reyes faces criminal charges of unauthorized use of computer and mischief in relation to data.
Inspector Knacker confirmed in a statement that Solis-Reyes, allegedly, was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug.
They have seized Solis-Reyes computer equipment and scheduled his first court appearance for July 17, 2014.
Security experts have warned that more attacks will follow until companies update their software.
Solis-Reyes, a student at Western University, is the son of Roberto Solis-Oba who teaches computer science at Western.
According to his lawyer he is an A student and a very, very bright young man. Apparently the kid is too emotional to speak about the charges against him and police haven’t told him anything, either. So far no-one has seen the evidence.
Contrary to earlier reports Solis-Reyes voluntarily turned himself in to police on Tuesday after officers threatened to arrest him in the middle of one of his classes. Days earlier Mounties served a warrant at Solis-Reyes’s house at 1AM but left without advising of a charge.
The CRA temporarily shut down some access to its website late on April 8 in response to security concerns about the Heartbleed bug. This security flaw in its website encryption left it vulnerable to hackers.